Trojan.DNSChanger/Zlob.DNSChanger removal help needed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Potluck, Jan 23, 2009.

  1. Potluck

    Potluck Private E-2

    Hello,

    Not been able to get rid of this dnschanger so far, it keeps coming back. :(

    Windows Update will not update, switching between 80244019 and 8024402C error codes after a Malwarebytes' Anti-Malware removal. Most newly installed software will not update either.

    I reinstalled my OS yesterday but the infection is still present.

    Changing my homepage from google to igoogle has stopped the redirections but I would really like to be able to update my software programs again.

    I'm running Windows Vista Home Premium and connect to the internet through a router. Thanks for any help you can provide.

    Here are the logs from the READ & RUN ME FIRST. Malware Removal Guide and the Removing Zlob aka SmitFraud, SpySheriff, Infections posts.
     


  2. Potluck

    Potluck Private E-2

    When doing the first scan with ComboFix I noticed my internet was disconnected. I reran the scan straight after the first one with my internet on.

    Here is the ComboFix log with my internet on.

    I didn't want to miss anything out.
     


  3. Potluck

    Potluck Private E-2

    and here are the final logs from MGtools and SmitfraudFix's step 1 & 2 logs.
     


  4. Potluck

    Potluck Private E-2

    I logged into my router and found entries for primary and secondary DNS selected and entered. I deleted them and ticked 'Get Automatically from ISP' and after running Malwarebytes' Anti-Malware in safe mode, I've been able to access my windows updates again. :)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes, the infection you had modifies router settings. Sometimes it is necessary to reset the routers back to factory defaults to correct the problem.

    Your logs had still shown the below signs of the DNS hijacker in the registry:
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
        DhcpNameServer    REG_SZ    85.255.112.207 85.255.112.229
    --
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
        DhcpNameServer    REG_SZ    85.255.112.207 85.255.112.229
    --
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters
        DhcpNameServer    REG_SZ    85.255.112.207 85.255.112.229
      
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21d458a9-c53c-40d3-906b-4c0053ea5703}
        DhcpNameServer    REG_SZ    85.255.112.207 85.255.112.229
    --
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{21d458a9-c53c-40d3-906b-4c0053ea5703}
        DhcpNameServer    REG_SZ    85.255.112.207 85.255.112.229
    --
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{21D458A9-C53C-40D3-906B-4C0053EA5703}
        DhcpNameServer    REG_SZ    85.255.112.207 85.255.112.229
    Thus it would be a good idea for you to download and run the new version of MGtools and attach a new log so we can make sure that fixing your router has corrected these entries. Get the new MGtools here: MGtools.exe
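An offline check of a registry dump in the layout quoted in the post above, added here as an example and not part of the original thread or of MGtools: it lists every DhcpNameServer/NameServer address that is neither a private address nor in an expected-resolver list. The function names, the second key in the sample dump and the rule that a private (router LAN) address counts as expected are assumptions.

```python
import ipaddress
import re

# Constructed sample in the same layout as the dump quoted above: the first
# key and its values are taken from the post, the second key is made up.
SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    DhcpNameServer    REG_SZ    85.255.112.207 85.255.112.229
--
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}
    DhcpNameServer    REG_SZ    192.168.1.1
"""

VALUE_RE = re.compile(r"^\s*(DhcpNameServer|NameServer)\s+REG_SZ\s*(.*)$", re.I)

def parse_dump(text):
    """Yield (key, value_name, [addresses]) for each name-server value."""
    key = None
    for line in text.splitlines():
        if line.strip().upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            # NameServer may be comma separated, DhcpNameServer space separated.
            yield key, m.group(1), re.split(r"[,\s]+", m.group(2).strip())

def find_unexpected(text, expected=()):
    """Return (key, value_name, address) for resolvers that are neither
    private nor in the caller's list of expected resolvers (assumed policy)."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, name, addrs in parse_dump(text):
        for raw in filter(None, addrs):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((key, name, raw))  # unparsable: review by hand
                continue
            if not ip.is_private and ip not in allowed:
                findings.append((key, name, raw))
    return findings

if __name__ == "__main__":
    for key, name, addr in find_unexpected(SAMPLE_DUMP):
        print(f"{addr}\t{name}\t{key}")
```

Pass the ISP's resolver addresses as `expected` so that only resolvers nobody configured on purpose are reported.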
     
  6. Potluck

    Potluck Private E-2

    I updated too many windows updates at once and it caused a reboot error, so I decided to set my computer back to factory settings. I reformatted my hard drive before the reinstall.

    Since then I've installed zonealarm firewall and avg anti-virus and with the router settings fixed, I haven't had any more problems with the dns changer so far. :)
     
    Last edited: Jan 28, 2009
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear you had to go that route. FYI, when things like this happen, you should always delete partitions and repartition before formatting. It is just a more thorough approach to making sure you get rid of the malware.

    Now that you have formatted, you should work thru the below:

    How to Protect yourself from malware!
     
